1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
20 #include <stddef.h>
21 #include <string.h>
22 #include <errno.h>
23 #include "testutil/testutil.h"
24 #include "nimble/hci_common.h"
25 #include "nimble/nimble_opt.h"
26 #include "host/ble_sm.h"
27 #include "host/ble_hs_test.h"
28 #include "ble_hs_test_util.h"
29 #include "ble_sm_test_util.h"
30
31 #if NIMBLE_BLE_SM
32
33 /*****************************************************************************
34 * $misc *
35 *****************************************************************************/
36
TEST_CASE(ble_sm_test_case_f4)37 TEST_CASE(ble_sm_test_case_f4)
38 {
39 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
40 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
41 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
42 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
43 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
44 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
45 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
46 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
47 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
48 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
49 uint8_t z = 0x00;
50 uint8_t exp[16] = { 0x2d, 0x87, 0x74, 0xa9, 0xbe, 0xa1, 0xed, 0xf1,
51 0x1c, 0xbd, 0xa9, 0x07, 0xf1, 0x16, 0xc9, 0xf2 };
52 uint8_t res[16];
53 int err;
54
55 err = ble_sm_alg_f4(u, v, x, z, res);
56 TEST_ASSERT_FATAL(err == 0);
57 TEST_ASSERT(memcmp(res, exp, 16) == 0);
58 }
59
TEST_CASE(ble_sm_test_case_f5)60 TEST_CASE(ble_sm_test_case_f5)
61 {
62 uint8_t w[32] = { 0x98, 0xa6, 0xbf, 0x73, 0xf3, 0x34, 0x8d, 0x86,
63 0xf1, 0x66, 0xf8, 0xb4, 0x13, 0x6b, 0x79, 0x99,
64 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
65 0x05, 0xad, 0xc8, 0x57, 0xa3, 0x34, 0x02, 0xec };
66 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
67 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
68 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
69 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
70 uint8_t a1t = 0x00;
71 uint8_t a1[6] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 };
72 uint8_t a2t = 0x00;
73 uint8_t a2[6] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 };
74 uint8_t exp_ltk[16] = { 0x38, 0x0a, 0x75, 0x94, 0xb5, 0x22, 0x05,
75 0x98, 0x23, 0xcd, 0xd7, 0x69, 0x11, 0x79,
76 0x86, 0x69 };
77 uint8_t exp_mackey[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f,
78 0xfd, 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1,
79 0x65, 0x29 };
80 uint8_t mackey[16], ltk[16];
81 int err;
82
83 err = ble_sm_alg_f5(w, n1, n2, a1t, a1, a2t, a2, mackey, ltk);
84 TEST_ASSERT_FATAL(err == 0);
85 TEST_ASSERT(memcmp(mackey, exp_mackey, 16) == 0);
86 TEST_ASSERT(memcmp(ltk, exp_ltk, 16) == 0);
87 }
88
TEST_CASE(ble_sm_test_case_f6)89 TEST_CASE(ble_sm_test_case_f6)
90 {
91 uint8_t w[16] = { 0x20, 0x6e, 0x63, 0xce, 0x20, 0x6a, 0x3f, 0xfd,
92 0x02, 0x4a, 0x08, 0xa1, 0x76, 0xf1, 0x65, 0x29 };
93 uint8_t n1[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
94 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
95 uint8_t n2[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
96 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
97 uint8_t r[16] = { 0xc8, 0x0f, 0x2d, 0x0c, 0xd2, 0x42, 0xda, 0x08,
98 0x54, 0xbb, 0x53, 0xb4, 0x3b, 0x34, 0xa3, 0x12 };
99 uint8_t io_cap[3] = { 0x02, 0x01, 0x01 };
100 uint8_t a1t = 0x00;
101 uint8_t a1[6] = { 0xce, 0xbf, 0x37, 0x37, 0x12, 0x56 };
102 uint8_t a2t = 0x00;
103 uint8_t a2[6] = { 0xc1, 0xcf, 0x2d, 0x70, 0x13, 0xa7 };
104 uint8_t exp[16] = { 0x61, 0x8f, 0x95, 0xda, 0x09, 0x0b, 0x6c, 0xd2,
105 0xc5, 0xe8, 0xd0, 0x9c, 0x98, 0x73, 0xc4, 0xe3 };
106 uint8_t res[16];
107 int err;
108
109 err = ble_sm_alg_f6(w, n1, n2, r, io_cap, a1t, a1, a2t, a2, res);
110 TEST_ASSERT_FATAL(err == 0);
111 TEST_ASSERT(memcmp(res, exp, 16) == 0);
112 }
113
TEST_CASE(ble_sm_test_case_g2)114 TEST_CASE(ble_sm_test_case_g2)
115 {
116 uint8_t u[32] = { 0xe6, 0x9d, 0x35, 0x0e, 0x48, 0x01, 0x03, 0xcc,
117 0xdb, 0xfd, 0xf4, 0xac, 0x11, 0x91, 0xf4, 0xef,
118 0xb9, 0xa5, 0xf9, 0xe9, 0xa7, 0x83, 0x2c, 0x5e,
119 0x2c, 0xbe, 0x97, 0xf2, 0xd2, 0x03, 0xb0, 0x20 };
120 uint8_t v[32] = { 0xfd, 0xc5, 0x7f, 0xf4, 0x49, 0xdd, 0x4f, 0x6b,
121 0xfb, 0x7c, 0x9d, 0xf1, 0xc2, 0x9a, 0xcb, 0x59,
122 0x2a, 0xe7, 0xd4, 0xee, 0xfb, 0xfc, 0x0a, 0x90,
123 0x9a, 0xbb, 0xf6, 0x32, 0x3d, 0x8b, 0x18, 0x55 };
124 uint8_t x[16] = { 0xab, 0xae, 0x2b, 0x71, 0xec, 0xb2, 0xff, 0xff,
125 0x3e, 0x73, 0x77, 0xd1, 0x54, 0x84, 0xcb, 0xd5 };
126 uint8_t y[16] = { 0xcf, 0xc4, 0x3d, 0xff, 0xf7, 0x83, 0x65, 0x21,
127 0x6e, 0x5f, 0xa7, 0x25, 0xcc, 0xe7, 0xe8, 0xa6 };
128 uint32_t exp_val = 0x2f9ed5ba % 1000000;
129 uint32_t val;
130 int err;
131
132 err = ble_sm_alg_g2(u, v, x, y, &val);
133 TEST_ASSERT_FATAL(err == 0);
134 TEST_ASSERT(val == exp_val);
135 }
136
TEST_CASE(ble_sm_test_case_conn_broken)137 TEST_CASE(ble_sm_test_case_conn_broken)
138 {
139 struct hci_disconn_complete disconn_evt;
140 int rc;
141
142 ble_sm_test_util_init();
143
144 ble_sm_dbg_set_next_pair_rand(((uint8_t[16]){0}));
145
146 ble_hs_test_util_create_conn(2, ((uint8_t[6]){1,2,3,5,6,7}),
147 ble_sm_test_util_conn_cb, NULL);
148
149 /* Initiate the pairing procedure. */
150 rc = ble_hs_test_util_security_initiate(2, 0);
151 TEST_ASSERT_FATAL(rc == 0);
152 TEST_ASSERT(ble_sm_num_procs() == 1);
153 ble_sm_test_util_io_inject_bad(2, BLE_SM_IOACT_NONE);
154
155 /* Terminate the connection. */
156 disconn_evt.connection_handle = 2;
157 disconn_evt.status = 0;
158 disconn_evt.reason = BLE_ERR_REM_USER_CONN_TERM;
159 ble_gap_rx_disconn_complete(&disconn_evt);
160
161 /* Verify security callback got called. */
162 TEST_ASSERT(ble_sm_test_gap_status == BLE_HS_ENOTCONN);
163 TEST_ASSERT(!ble_sm_test_sec_state.encrypted);
164 TEST_ASSERT(!ble_sm_test_sec_state.authenticated);
165 }
166
167 /*****************************************************************************
168 * $peer *
169 *****************************************************************************/
170
TEST_CASE(ble_sm_test_case_peer_fail_inval)171 TEST_CASE(ble_sm_test_case_peer_fail_inval)
172 {
173 /* Invalid role detected before other arguments. */
174 ble_sm_test_util_peer_fail_inval(
175 1,
176 ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
177 ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
178 ((struct ble_sm_pair_cmd[1]) { {
179 .io_cap = 0x14,
180 .oob_data_flag = 0,
181 .authreq = 0x12,
182 .max_enc_key_size = 20,
183 .init_key_dist = 0x0b,
184 .resp_key_dist = 0x11,
185 } }),
186 ((struct ble_sm_pair_fail[1]) { {
187 .reason = BLE_SM_ERR_CMD_NOT_SUPP,
188 } })
189 );
190
191 /* Invalid key size - too small. */
192 ble_sm_test_util_peer_fail_inval(
193 0,
194 ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
195 ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
196 ((struct ble_sm_pair_cmd[1]) { {
197 .io_cap = 0x04,
198 .oob_data_flag = 0,
199 .authreq = 0x5,
200 .max_enc_key_size = 6,
201 .init_key_dist = 0x07,
202 .resp_key_dist = 0x07,
203 } }),
204 ((struct ble_sm_pair_fail[1]) { {
205 .reason = BLE_SM_ERR_ENC_KEY_SZ,
206 } })
207 );
208
209 /* Invalid key size - too large. */
210 ble_sm_test_util_peer_fail_inval(
211 0,
212 ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
213 ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
214 ((struct ble_sm_pair_cmd[1]) { {
215 .io_cap = 0x04,
216 .oob_data_flag = 0,
217 .authreq = 0x5,
218 .max_enc_key_size = 17,
219 .init_key_dist = 0x07,
220 .resp_key_dist = 0x07,
221 } }),
222 ((struct ble_sm_pair_fail[1]) { {
223 .reason = BLE_SM_ERR_INVAL,
224 } })
225 );
226 }
227
TEST_CASE(ble_sm_test_case_peer_lgcy_fail_confirm)228 TEST_CASE(ble_sm_test_case_peer_lgcy_fail_confirm)
229 {
230 ble_sm_test_util_peer_lgcy_fail_confirm(
231 ((uint8_t[]){0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c}),
232 ((uint8_t[]){0x03, 0x02, 0x01, 0x50, 0x13, 0x00}),
233 ((struct ble_sm_pair_cmd[1]) { {
234 .io_cap = 0x04,
235 .oob_data_flag = 0,
236 .authreq = 0x05,
237 .max_enc_key_size = 16,
238 .init_key_dist = 0x07,
239 .resp_key_dist = 0x07,
240 } }),
241 ((struct ble_sm_pair_cmd[1]) { {
242 .io_cap = 3,
243 .oob_data_flag = 0,
244 .authreq = 0,
245 .max_enc_key_size = 16,
246 .init_key_dist = 0,
247 .resp_key_dist = 0,
248 } }),
249 ((struct ble_sm_pair_confirm[1]) { {
250 .value = {
251 0x0a, 0xac, 0xa2, 0xae, 0xa6, 0x98, 0xdc, 0x6d,
252 0x65, 0x84, 0x11, 0x69, 0x47, 0x36, 0x8d, 0xa0,
253 },
254 } }),
255 ((struct ble_sm_pair_confirm[1]) { {
256 .value = {
257 0x45, 0xd2, 0x2c, 0x38, 0xd8, 0x91, 0x4f, 0x19,
258 0xa2, 0xd4, 0xfc, 0x7d, 0xad, 0x37, 0x79, 0xe0
259 },
260 } }),
261 ((struct ble_sm_pair_random[1]) { {
262 .value = {
263 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
264 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
265 },
266 } }),
267 ((struct ble_sm_pair_random[1]) { {
268 .value = {
269 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
270 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
271 },
272 } }),
273 ((struct ble_sm_pair_fail[1]) { {
274 .reason = BLE_SM_ERR_CONFIRM_MISMATCH,
275 } })
276 );
277 }
278
TEST_CASE(ble_sm_test_case_peer_bonding_bad)279 TEST_CASE(ble_sm_test_case_peer_bonding_bad)
280 {
281 ble_sm_test_util_peer_bonding_bad(0x5684, 32);
282 ble_sm_test_util_peer_bonding_bad(54325, 65437);
283 }
284
TEST_CASE(ble_sm_test_case_peer_sec_req_inval)285 TEST_CASE(ble_sm_test_case_peer_sec_req_inval)
286 {
287 struct ble_sm_pair_fail fail;
288 struct ble_sm_sec_req sec_req;
289 int rc;
290
291 ble_sm_test_util_init();
292
293 ble_sm_dbg_set_next_pair_rand(((uint8_t[16]){0}));
294
295 ble_hs_test_util_create_conn(2, ((uint8_t[6]){1,2,3,5,6,7}),
296 ble_sm_test_util_conn_cb,
297 NULL);
298
299 /*** We are the slave; reject the security request. */
300 ble_hs_atomic_conn_set_flags(2, BLE_HS_CONN_F_MASTER, 0);
301
302 sec_req.authreq = 0;
303 ble_sm_test_util_rx_sec_req(
304 2, &sec_req, BLE_HS_SM_US_ERR(BLE_SM_ERR_CMD_NOT_SUPP));
305
306 fail.reason = BLE_SM_ERR_CMD_NOT_SUPP;
307 ble_sm_test_util_verify_tx_pair_fail(&fail);
308
309 /*** Pairing already in progress; ignore security request. */
310 ble_hs_atomic_conn_set_flags(2, BLE_HS_CONN_F_MASTER, 1);
311 rc = ble_sm_pair_initiate(2);
312 TEST_ASSERT_FATAL(rc == 0);
313 ble_hs_test_util_prev_tx_queue_clear();
314
315 ble_sm_test_util_rx_sec_req(2, &sec_req, BLE_HS_EALREADY);
316 TEST_ASSERT(ble_hs_test_util_prev_tx_queue_sz() == 0);
317 }
318
319 /*****************************************************************************
320 * $us *
321 *****************************************************************************/
322
TEST_CASE(ble_sm_test_case_us_fail_inval)323 TEST_CASE(ble_sm_test_case_us_fail_inval)
324 {
325 struct ble_sm_test_params params;
326
327 /* Invalid key size - too small. */
328 params = (struct ble_sm_test_params) {
329 .init_id_addr = {0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c},
330 .resp_id_addr = {0x03, 0x02, 0x01, 0x50, 0x13, 0x00},
331 .pair_req = (struct ble_sm_pair_cmd) {
332 .io_cap = 3,
333 .oob_data_flag = 0,
334 .authreq = 0,
335 .max_enc_key_size = 16,
336 .init_key_dist = 0,
337 .resp_key_dist = 0,
338 },
339 .pair_rsp = (struct ble_sm_pair_cmd) {
340 .io_cap = 0x04,
341 .oob_data_flag = 0,
342 .authreq = 0x05,
343 .max_enc_key_size = 6,
344 .init_key_dist = 0x07,
345 .resp_key_dist = 0x07,
346 },
347 .pair_fail = (struct ble_sm_pair_fail) {
348 .reason = BLE_SM_ERR_ENC_KEY_SZ,
349 },
350 };
351 ble_sm_test_util_us_fail_inval(¶ms);
352
353 /* Invalid key size - too large. */
354 params = (struct ble_sm_test_params) {
355 .init_id_addr = {0xe1, 0xfc, 0xda, 0xf4, 0xb7, 0x6c},
356 .resp_id_addr = {0x03, 0x02, 0x01, 0x50, 0x13, 0x00},
357 .pair_req = (struct ble_sm_pair_cmd) {
358 .io_cap = 3,
359 .oob_data_flag = 0,
360 .authreq = 0,
361 .max_enc_key_size = 16,
362 .init_key_dist = 0,
363 .resp_key_dist = 0,
364 },
365 .pair_rsp = (struct ble_sm_pair_cmd) {
366 .io_cap = 0x04,
367 .oob_data_flag = 0,
368 .authreq = 0x05,
369 .max_enc_key_size = 17,
370 .init_key_dist = 0x07,
371 .resp_key_dist = 0x07,
372 },
373 .pair_fail = (struct ble_sm_pair_fail) {
374 .reason = BLE_SM_ERR_INVAL,
375 },
376 };
377 ble_sm_test_util_us_fail_inval(¶ms);
378 }
379
TEST_SUITE(ble_sm_gen_test_suite)380 TEST_SUITE(ble_sm_gen_test_suite)
381 {
382 tu_suite_set_post_test_cb(ble_hs_test_util_post_test, NULL);
383
384 ble_sm_test_case_f4();
385 ble_sm_test_case_f5();
386 ble_sm_test_case_f6();
387 ble_sm_test_case_g2();
388
389 ble_sm_test_case_peer_fail_inval();
390 ble_sm_test_case_peer_lgcy_fail_confirm();
391 ble_sm_test_case_us_fail_inval();
392 ble_sm_test_case_peer_bonding_bad();
393 ble_sm_test_case_conn_broken();
394 ble_sm_test_case_peer_sec_req_inval();
395 }
396 #endif
397
398 int
ble_sm_test_all(void)399 ble_sm_test_all(void)
400 {
401 #if !NIMBLE_BLE_SM
402 return 0;
403 #else
404 ble_sm_gen_test_suite();
405 ble_sm_lgcy_test_suite();
406 ble_sm_sc_test_suite();
407
408 return tu_any_failed;
409 #endif
410 }
411